Open source software security

The Password Policy module suffers from a persistent (stored) cross site scripting (XSS or arbitrary script injection) vulnerability because it fails to sanitize expiration warning messages before display.

A cross site scripting (XSS), or arbitrary script injection, vulnerability exists in TinyMCE because the bbcode plugin violates TinyMCE's explicit security policy. If the bbcode plugin is enabled while encoding is enabled through the "encoding" directive, or while sanitizing is enabled through the "valid_elements" attribute, those mechanisms fail to function as expected.

This short example shows you how you can dynamically add form elements to an existing form based on user request. This is especially helpful for users of web based email applications so they can add multiple attachments easily.

This quick and dirty function lets the browser auto tab across elements as each reaches a pre-specified maximum length. Handy when you're separating phone numbers into multiple form fields (it provides a more user friendly interface).

This is a script I whipped up to prevent content from a site from being framed in by another site. I had a situation where a site I was maintaining was being framed in by another site, giving the impression that the content was their own. It was a simple matter to break out of their frame (hey, if they're calling my code they have to be prepared for the consequences). I often use this code on pages as a safeguard to prevent such activity from taking place.

This function checks that a form field is in the correct 'mm/dd/yyyy' format. The article also includes a function that checks for the 'yyyy-mm-dd' format more elegantly by using regular expressions.

Quotes inside form input can wreak all sorts of havoc by interfering with normal quotations that delimit strings in programming and display logic. An easy way to eliminate these problems is to strip out single and double quotes in a form as the form is submitted.